Security poll...

Time for another informal security poll...

Robert Wlodarczyk's post about Microsoft's victory in the eWeek Labs OpenHack 4 Competition reminded me of one of the great sins of server administrators...not applying patches.

While working on the revision for my books, Microsoft® ASP.NET Programming with Microsoft Visual Basic® .NET Version 2003 Step By Step and Microsoft® ASP.NET Programming with Microsoft Visual C#™ .NET Version 2003 Step By Step (for the record, I don't make up the titles), one of the areas that I updated was the section dealing with patching and, more specifically, the tools available for determining which patches are required, given the software you have installed on your server. I added a section on the Microsoft Baseline Security Analyzer, a relatively new tool for not only determining the patches required on a given machine, but also identifying software settings (such as the presence of IIS sample code, or incorrect ACL settings on SQL Server directories) that may cause security problems. Overall, I thought that MBSA was a nice step forward for making it easier for server administrators (and desktop admins, for that matter) to secure their systems.

But here are my questions...

  • How many people have heard of MBSA?
  • How many who've heard of it are actually using it?
  • If you do use MBSA, do you use it interactively through the GUI, or do you use the command-line interface (HFNetChk)?

Comment, or reply in your blog...I want to know what you think.
